radius and natd

Sean Hafeez sahafeez at edgefocus.com
Thu Jul 31 12:21:47 PDT 2003


thanks fixed it.

the box was set up as default open in the kernel so i do not need the 
last default allow.

turns out my upstream had filters on radius.



Ean Kingston wrote:
> On Tue, 2003-07-29 at 15:46, Sean Hafeez wrote:
> 
>>i have a network (10.0.0.x) that is nat'd to the external interface of 
>>the firewall. everything works great. the kernel was compiled with the 
>>leave everything open option. the only rules are:
>>
>>/sbin/natd -interface rl0
>>ipfw add divert natd all from any to any via rl0
>>ipfw add pipe 1 ip from any to any in recv rl1
>>ipfw add pipe 2 ip from any to any out xmit rl1
>>ipfw pipe 1 config mask src-ip 0xffffffff bw 1024kbits/s
>>ipfw pipe 2 config mask dst-ip 0xffffffff bw 1024kbits/s
> 
> Do you not need:
> ipfw add allow all from any to any 
> at the very end of that?
> 
>>rl0 is the external. rl1 is the internal 10.0.0.x network.
>>
>>i have a device on the internal network 10.0.0.4 that needs to query a 
>>radius server on the internet. i can see the request come in from the 
>>device on rl1 (tcpdump -i rl1) but i see nothing leave and never see the 
>>packet hit the server. is nat the problem? is there a way around this?
>>
>>i googled but did not find anything that worked. remember this is a wide 
>>open box that is just being used for nat and shaping with no rules.
>>
>>
>>thanks!
>>
>>
>>
>>
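The thread never pins down whether natd or something upstream was eating the UDP RADIUS request until the upstream filters turned up. A small probe that builds a real Access-Request (RFC 2865, with the User-Password obfuscation) and reports whether any reply comes back makes that distinction testable from either side of the NAT box. This is an added example, not code from the thread; the server address, shared secret and credentials are placeholders you must supply.

```python
import hashlib
import os
import socket
import struct

def encode_user_password(password, secret, authenticator):
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        b = hashlib.md5(secret + prev).digest()
        prev = bytes(x ^ y for x, y in zip(padded[i:i + 16], b))
        out += prev
    return out

def decode_user_password(encoded, secret, authenticator):
    """Inverse of encode_user_password; only the holder of the secret can do this."""
    out, prev = b"", authenticator
    for i in range(0, len(encoded), 16):
        b = hashlib.md5(secret + prev).digest()
        out += bytes(x ^ y for x, y in zip(encoded[i:i + 16], b))
        prev = encoded[i:i + 16]
    return out.rstrip(b"\x00")

def build_access_request(identifier, authenticator, username, password, secret):
    """Access-Request (Code 1) carrying User-Name (type 1) and User-Password (type 2)."""
    attrs = b""
    for attr_type, value in ((1, username), (2, encode_user_password(password, secret, authenticator))):
        attrs += struct.pack("!BB", attr_type, len(value) + 2) + value   # type, length, value
    return struct.pack("!BBH", 1, identifier, 20 + len(attrs)) + authenticator + attrs

def probe(server, secret, username, password, port=1812, timeout=3.0):
    """Send one Access-Request; return the reply code, or None if nothing comes back."""
    authenticator = os.urandom(16)           # fresh Request Authenticator per request
    packet = build_access_request(7, authenticator, username, password, secret)
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        sock.sendto(packet, (server, port))  # placeholder server/port, constructed for this example
        data, _ = sock.recvfrom(4096)
    except socket.timeout:
        return None                          # no reply: dropped by NAT, by a filter, or by the server
    finally:
        sock.close()
    if len(data) >= 20 and data[1] == packet[1]:
        return data[0]  # 2 = Access-Accept, 3 = Access-Reject, 11 = Access-Challenge
    return None
```

Run it from 10.0.0.4 and again from the firewall itself while watching rl0 with tcpdump: a reply from the firewall but a timeout from inside points at the divert/natd path, while timeouts from both point past the box, as it turned out here.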


